The 2017 Westminster data breach occurred on 23 June 2017, when an unauthorised attempt was made to gain access to email accounts belonging to a number of politicians at the United Kingdom's Houses of Parliament.[1] Whitehall officials have claimed that Iran was behind the attack. [2]
The incident was followed by an attempt to hack accounts belonging to politicians at the Scottish Parliament in August 2017.
Parliamentarians were told about the cyberattack on the evening of 23 June, and it was made public knowledge the following day by Chris Rennard, a Liberal Democrat member of the House of Lords who posted a request on social media asking people needing to contact him urgently to do so via text message. Remote access to politicians email accounts was disabled.
However, a spokesperson for the House of Commons said that this was a precautionary measure to protect security rather than a consequence of the cyberattack itself. The matter is being investigated by the National Cyber Security Centre with assistance from the National Crime Agency.[3]
Westminster authorities described the attack as "sustained and determined", and follows media reports that the email passwords of government ministers had been obtained by hackers and were being sold online.[4]
On 25 June, a Westminster spokesperson confirmed the cyberattack had been an attempt to hack email accounts with weak passwords, but that an investigation had found less than 1% of the 9,000 email addresses associated with parliament had been compromised—a figure representing around 90 email accounts. However, it was still being treated as a serious security breach: "The figure is less than many feared, but is still a breach."[5] MPs subsequently said that agencies with links to either Russia or North Korea were suspected of being behind the attack.
On 15 August, officials at Holyrood, home of the Scottish Parliament warned that accounts belonging to Members of the Scottish Parliament (MSPs) were currently the subject of a Brute-force attack which was attempting to crack weak passwords, but that no accounts had been compromised. However, MSPs were warned they may find themselves temporarily locked out of their accounts for security reasons. News outlets, such as The Guardian reported the attack was similar in nature to the one that had occurred at Westminster.[6] The following day officials said that Holyrood was working with the UK's National Cyber Security Centre to increase security measures.[7]